Documentation forIP Address Manager

Roles and privileges in IPAM

When you add a user account in IPAM, you assign the user a role. The role determines the user's privileges.

If subnets are moved to create hierarchy changes, inherited roles are inherited from the new parent. Customized roles are not changed.

Role Privileges

Administrator

The Administrator user role has read and write access, can initiate scans to all subnets, manage credentials, custom fields, and IPAM settings and has full access to DHCP management and DNS monitoring.

Only administrators can perform certain actions, such as:

  • SNMP credentials management
  • Custom fields management
  • Subnet scan settings configuration
  • Directly configure custom roles in the  Subnet Edit dialog

Power User

Power Users have the same privileges granted to Operators, with the addition of the following:

  • Drag‑and‑drop reorganization of network components in the Manage Subnets and IP Addresses view.
  • Supernet and group properties management, including the ability to edit supernet and group properties and custom fields on portions of the network made available by the Administrator.
  • Initiate scans.

Operator

Operators have the same privileges granted to Read Only users with the addition of the following:

  • Addition and deletion of IP address ranges from portions of the network made available by the site administrator
  • Subnet status selection on the Manage Subnets & IP Addresses page
  • IP address property and custom field management, including the ability to edit IP address properties on portions of the network made available by the site administrator

Read Only

This role has read-only access to DHCP servers, scopes, leases, reservations and DNS servers, and zones.

This role restricts all access, including access to all DHCP management and DNS monitoring, to the following:

  • All IPAM Web Console widgets, including search and Top XX widgets
  • All IP address and network component properties and custom fields on the Manage Subnets and IP Addresses page
  • The Chart view on the Manage Subnets & IP Addresses page

Custom

A Custom Role is customized on a per subnet basis and specifies which privileges a user has. You can also overwrite the inherited permissions on child objects. The child objects inherit the same permissions as the parent.